Case Study | Investigate and Evaluate the Scale of the SolarWinds SUNBURST Attack

In December 2020, cyber threat analysis company FireEye discovered a global supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute the malware named SUNBURST.

The sophisticated attack affected public and private organizations (18,000 SolarWinds customers, including almost all Fortune 500 companies, government agencies, and government contractors) since as early as Spring 2020 and has resulted in network lateral movement and data theft by adversaries.

Investigating the SUNBURST Compromise

After the attack was discovered, Microsoft took over the domain used by SUNBURST, avsvmcloud.com, and resolved it to 20.140.0.1. If SUNBURST now attempts to connect to its C2 coordinator using a subdomain of avsvmcloud.com, the kill-switch is activated instead. Consequently, without historical passive DNS data it is no longer possible to investigate the hostnames generated with the DGA, the infected victims, the attack pattern observed, and the IPs resolved from avsvmcloud.com's subdomains.

Using historical DNS data, investigators can still identify which subdomains were resolved to which IP addresses in relation to the SUNBURST attack.

About Farsight DNSDB Historical Passive DNS Data

Farsight Security DNSDB® is the world's largest DNS intelligence database. It provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure, with more than 100 billion domain resolution records, updated in real time at over 200,000 times per second.

Access to Farsight Data in Maltego

Farsight Transforms are available for both community and commercial Maltego users with a free trial. With Farsight Transforms in Maltego, users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types. With wildcard searches, users can expose hostnames/FQDNs and associated domains, then pivot further across IPs to expose all associated domains, FQDNs, IPs, MX, NS, and other record types.

To access the full solution, a Maltego commercial license and a Farsight DNSDB subscription are required. You can get started immediately without an API key or registration, or sign up for the 30-day free trial for a larger query allowance. Learn more about access on our Data Partner page.
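The investigation step the case study describes, separating the resolutions a SUNBURST subdomain had before the domain was sinkholed from the sinkhole address it resolves to now, and pivoting from one attacker-era IP to every name that shared it, can be carried out over historical passive DNS records like this. This is an added example, not code from Maltego or Farsight. The records are constructed in a DNSDB-like JSON-lines shape (rrname, rrtype, rdata, time_first, time_last), the subdomain labels and the 192.0.2.x / 198.51.100.x addresses are invented, and the takeover date is an assumption; only avsvmcloud.com and 20.140.0.1 come from the page.

```python
"""Classify historical passive-DNS resolutions under a sinkholed C2 domain.

Added example (not the case study's own code). Record shape is DNSDB-like
but constructed here; it is not real DNSDB API output or real SUNBURST data.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timezone

BASE_DOMAIN = "avsvmcloud.com."                       # C2 domain named on the page
SINKHOLE_IP = ipaddress.ip_address("20.140.0.1")      # sinkhole address named on the page
# Assumed takeover instant (constructed; the page gives no exact timestamp).
TAKEOVER_TIME = datetime(2020, 12, 16, tzinfo=timezone.utc)

# Constructed sample records, one JSON object per line. Subdomain labels and the
# documentation-range IPs are invented for the example; timestamps are Unix seconds.
SAMPLE_RECORDS = """\
{"rrname": "k3qnz8b1vd7.avsvmcloud.com.", "rrtype": "A", "rdata": ["192.0.2.10"], "time_first": 1598918400, "time_last": 1606780800}
{"rrname": "x7p2hw0c9ls.avsvmcloud.com.", "rrtype": "A", "rdata": ["192.0.2.10"], "time_first": 1599523200, "time_last": 1606867200}
{"rrname": "m1rt5yv4qe8.avsvmcloud.com.", "rrtype": "A", "rdata": ["198.51.100.7"], "time_first": 1601510400, "time_last": 1607299200}
{"rrname": "k3qnz8b1vd7.avsvmcloud.com.", "rrtype": "A", "rdata": ["20.140.0.1"], "time_first": 1608163200, "time_last": 1609459200}
{"rrname": "avsvmcloud.com.", "rrtype": "NS", "rdata": ["ns1.example.net."], "time_first": 1598918400, "time_last": 1609459200}
{"rrname": "login.example.org.", "rrtype": "A", "rdata": ["192.0.2.10"], "time_first": 1598918400, "time_last": 1609459200}
"""


def parse_records(jsonl):
    """Yield one dict per non-empty JSON line."""
    for line in jsonl.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def in_scope(rrname, base=BASE_DOMAIN):
    """True for the base domain itself and any subdomain of it (FQDNs with trailing dot)."""
    return rrname == base or rrname.endswith("." + base)


def classify_resolutions(jsonl=SAMPLE_RECORDS, base=BASE_DOMAIN,
                         sinkhole=SINKHOLE_IP, takeover=TAKEOVER_TIME):
    """Split A-record resolutions under `base` into attacker-era and sinkholed.

    Returns {"historical": {ip: [subdomains...]}, "sinkholed": [subdomains...]}.
    Only resolutions first seen before `takeover` count as historical, so the
    sinkhole address never pollutes the attacker-era IP set.
    """
    takeover_ts = takeover.timestamp()
    historical = defaultdict(set)   # attacker-era IP -> names that resolved to it
    sinkholed = set()               # names now answered by the sinkhole
    for rec in parse_records(jsonl):
        if rec["rrtype"] != "A" or not in_scope(rec["rrname"], base):
            continue
        for rdata in rec["rdata"]:
            ip = ipaddress.ip_address(rdata)
            if ip == sinkhole:
                sinkholed.add(rec["rrname"])
            elif rec["time_first"] < takeover_ts:
                historical[str(ip)].add(rec["rrname"])
    return {
        "historical": {ip: sorted(names) for ip, names in historical.items()},
        "sinkholed": sorted(sinkholed),
    }


def pivot_on_ip(ip, jsonl=SAMPLE_RECORDS):
    """All names (any domain) whose A records ever pointed at `ip`: the IP pivot."""
    target = ipaddress.ip_address(ip)
    names = {
        rec["rrname"]
        for rec in parse_records(jsonl)
        if rec["rrtype"] == "A"
        and any(ipaddress.ip_address(r) == target for r in rec["rdata"])
    }
    return sorted(names)


if __name__ == "__main__":
    result = classify_resolutions()
    for ip, names in result["historical"].items():
        print(f"attacker-era {ip}: {', '.join(names)}")
    print("now sinkholed:", ", ".join(result["sinkholed"]))
    print("shared 192.0.2.10 with:", ", ".join(pivot_on_ip("192.0.2.10")))
```

A live lookup today would only return the sinkhole for any of these names; the attacker-era mapping and the cross-domain pivot exist only because the earlier answers were recorded before the takeover, which is the point the case study makes about historical passive DNS.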